Security isn’t just about your firewall or your DMZ, and it’s not just about your ability to detect threats. Staying secure comes down to taking a holistic approach where everyone – from the CEO to the cleaners – is educated on and understands their role in keeping your organisation secure and follows the right protocols, and where your organisation is backed by the right technology.
Think about it this way: you could pay a premium fee for an ultra-secure safety deposit box in Geneva, but if the guard forgets to turn on the security system when they leave for the night, your valuables are left exposed.
The same principles apply to organisational security. You can invest in a state-of-the-art network, but if your people aren’t educated on security best practices, or there are gaps in your security system, vulnerabilities can quickly arise.
Good Security Starts with Education
A global survey by Sophos, The Dirty Secrets of Network Firewalls, polled more than 2,700 IT managers from mid-sized businesses in 10 countries and found that 84% are concerned about security risks within their organisations.
With the latest statistics by the Office of the Australian Information Commissioner showing that 33% of data breaches between October and December 2018 occurred as a result of human error, the importance of education in mitigating risk can’t be overstated.
Training and support around proper security protocols must be prioritised at the board/executive level of any organisation, and clearly communicated to all end users. In particular, training should be provided regarding secure password and device management, especially given the heightened risk associated with BYOD (bring-your-own-device) policies. End-user education is of the utmost importance, because when it comes to network security, you’re only as strong as your weakest link.
Expect the Best, Prepare for the Worst
In an ideal world, your organisation’s firewall would be advanced enough to filter out every potential threat without issue. The reality is that the average SME faces 22,000 malicious attacks every day, so relying on a single solution to detect and block every threat simply isn’t going to cut it.
No matter how reliable your firewall or single security point product may be, a holistic security system that enables proactive threat monitoring across the entire network is the only way to reliably protect against threats. In fact, ESG Labs research has revealed that 62% of enterprise organisations are now willing to buy a majority of their security technologies from a single vendor for this very reason.
And, in the event that the worst happens and a security breach occurs, having a well-planned approach to disaster recovery is critical to ensuring business continuity, reducing downtime and minimising total risk.
In fact, the Ponemon Institute’s 2018 Cost of Data Breach Study found that having a proactive business continuity and data recovery plan in place at an organisation can help reduce the chance of a repeat data breach by 30%. Likewise, companies involved in the study that prioritised business continuity management saved 44 days in the identification of the incident and 38 days in the containment of the data breach.
Taking proactive measures to prepare for the worst can have a substantial impact on the future health of an organisation.
Developing a Robust Security Frontline
Ultimately, developing an iron-clad security system comes down to accounting for every moving part: from the network perimeter and the firewall, to mobile applications and the cloud, to every employee and every device. It also means continually refining and improving your approach in line with the changing environment.
Whether you’re dealing with an on-premises server or a cloud services solution, relying on disjointed security products or solutions for protection increases the chances of a gap in the security “frontline”, which weakens the integrity of your network. Likewise, inadequate training for end users heightens the risk of them opening the gates themselves, so to speak, effectively bypassing your safeguards.
Somerville’s Security as a Service, or SECaaS, offering is designed to proactively defend organisations against potential attacks by shoring up their endpoint, network and infrastructure security.
Through our SECaaS managed services, we help organisations alleviate the information security pressures IT teams face daily, such as targeted malware, customer data theft, skills shortages and resource constraints. In addition, we maintain software updates and refreshes to ensure an organisation’s security solution always keeps pace with the ever-changing threat landscape.
Partnering with synchronised security systems providers like Sophos enables us to provide end-to-end security solutions that offer complete protection. Our team is on hand to offer ongoing training and support on best practices for cybersecurity, so you can be assured that your end users are following the most secure protocols.
To discuss your organisation’s security requirements, get in touch with the Somerville team.